Electronic mail (“e-mail”) messages may be encoded using one of a number of known protocols. Some of these protocols, such as Secure/Multipurpose Internet Mail Extensions (“S/MIME”), rely on public and private encryption keys to provide confidentiality and integrity, and on a Public Key Infrastructure (PKI) to communicate information that provides authentication and authorization. Data encrypted using a private key of a private key/public key pair can only be decrypted using the corresponding public key of the pair, and vice-versa. The authenticity of public keys used in the encoding of messages is validated using certificates. In particular, if a user of a computing device wishes to encrypt a message before the message is sent to a particular individual, the user will require a certificate for that individual. That certificate will typically comprise the public key of the individual, as well as other identification-related information. Similarly, if a user of a computing device wishes to authenticate the sender of a signed message, the user will require a certificate for that sender.
If the requisite certificate is not already stored on the user's computing device, the certificate must first be retrieved. Searching for and retrieving a specific certificate is a process that generally involves querying a certificate server by having the user manually enter the name and/or e-mail address of the individual for whom a certificate is requested in a search form displayed on the computing device. Generally, certificates located in the search are then temporarily downloaded to the computing device for consideration, and a list of located certificates may then be displayed to the user. Selected certificates in the list may then be manually identified by a user for storage in a non-volatile store of the computing device, for potential future use.
Consider an implementation where the user's computing device is a mobile device. When a message is received at a message server and is made available for downloading to the mobile device, the message is typically only transmitted to the mobile device in successive data blocks of a pre-defined size, in order to conserve bandwidth. More specifically, a first block of the message (e.g. 2 KB of data) is downloaded to the mobile device, and if the user wishes to receive more of the message, the user can request that further blocks be downloaded to the mobile device, until the entire message has been downloaded to the mobile device or until some pre-defined limit on the message download is reached.
If the received message is a signed S/MIME message, for example, in order to verify the integrity of the message and authenticate the identity of the sender, the certificate of the sender is required. In some cases, the requisite certificate may accompany the message, with the certificate typically being attached to the end of the message. Alternatively, the requisite certificate may not accompany the message, but one or more certificate identifiers that identify the certificate used in the signing are provided, also typically at the end of the message. The identified certificate can then be retrieved from either a certificate store on the mobile device if the certificate is already stored therein, or a certificate server from which the certificate can be downloaded as noted above.
In order to obtain the certificate or the certificate identifiers for a message, the entire message must typically be downloaded to the mobile device. Unfortunately, downloading entire messages simply to retrieve the certificate information can be a time-consuming and expensive task (e.g. with respect to bandwidth). On the other hand, if only a small part of the message has been downloaded to the mobile device, or if the message is too long and cannot be downloaded to the mobile device due to an imposed limit, it may not be possible to identify the certificate that is required to verify the integrity of the received message and to authenticate the identity of the sender with any certainty.
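The block-download problem described above can be reproduced with a constructed message; the following is an added example, not part of the original text. It assumes the common multipart/signed layout, in which the signature part (where the certificate or its identifiers travel) is the last MIME part, and it uses placeholder bytes in place of real signature data; all function names are hypothetical.

```python
import email
from email import errors
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

BLOCK_SIZE = 2048  # the 2 KB block size given as the example above


def build_signed_message() -> bytes:
    """Constructed multipart/signed message. The signature bytes are a
    placeholder, not real CMS data; only the MIME layout matters here."""
    msg = MIMEMultipart("signed", protocol="application/pkcs7-signature",
                        micalg="sha-256")
    msg.attach(MIMEText("Constructed body line.\n" * 300))
    msg.attach(MIMEApplication(b"\x00" * 1500, "pkcs7-signature",
                               name="smime.p7s"))
    # Strip the final newline so the closing boundary is the last thing sent.
    return msg.as_bytes().rstrip()


def signature_part_complete(partial: bytes) -> bool:
    """True only if the signature part is present AND the closing MIME
    boundary was seen, i.e. the signature was not cut off mid-transfer."""
    msg = email.message_from_bytes(partial)
    if not msg.is_multipart():
        return False
    truncated = any(isinstance(d, errors.CloseBoundaryNotFoundDefect)
                    for d in msg.defects)
    has_sig = any(p.get_content_type() == "application/pkcs7-signature"
                  for p in msg.get_payload())
    return has_sig and not truncated


def total_blocks(raw: bytes) -> int:
    return -(-len(raw) // BLOCK_SIZE)  # ceiling division


def blocks_until_verifiable(raw: bytes) -> int:
    """Number of blocks a device must fetch before the signature part,
    where the certificate or its identifiers sit, is fully available."""
    for k in range(1, total_blocks(raw) + 1):
        if signature_part_complete(raw[:k * BLOCK_SIZE]):
            return k
    return 0  # never complete, e.g. a download limit was hit


if __name__ == "__main__":
    raw = build_signed_message()
    print(blocks_until_verifiable(raw), "of", total_blocks(raw), "blocks")
```

A client should treat a signature part that is present but truncated the same as a missing one, which is why the check requires the closing boundary as well as the part itself.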